In recent years, the rise of Advanced Persistent Threat (APT) groups has posed significant challenges to cybersecurity professionals. To effectively understand the relationships and similarities among these groups, a comprehensive and robust analysis approach is required. In this article, we present a novel weighted similarity measurement method that considers various features and characteristics of APT groups. Our method leverages categories such as MITRE ATT&CK Techniques and Software, target countries, and industries to capture the characteristics of each APT group. By analyzing the connections and overlaps between these features, we can establish a weighted similarity score that quantifies the degree of similarity between different APT groups. This score is crucial in identifying potential associations, subgroups, or shared characteristics among malicious entities. To validate the effectiveness of our approach, we conducted extensive experimental evaluations. The results demonstrated the ability of our method to accurately assess the relationships among APT groups. By utilizing the proposed weighted similarity measurement, we achieved more reliable and unbiased decision-making processes in APT group analysis and clustering. The significance of our research lies in its potential to enhance the understanding of APT group dynamics and improve threat intelligence capabilities. By gaining insights into the similarities and connections between APT groups and clustering them, cybersecurity professionals can develop more targeted and effective strategies against APT groups in the same cluster to mitigate and respond to cyber threats.